simon-git: putty (master): Simon Tatham

Commits to Tartarus hosted VCS tartarus-commits at lists.tartarus.org
Thu Apr 26 07:24:40 BST 2018


TL;DR:
  a0b91e9 Fix a missing } in a GSSAPI-related comment.
  d50150c Factor out ssh2_timer_update.
  d515e4f Support GSS key exchange, for Kerberos 5 only.
  65acff1 logparse.pl: support GSSAPI key exchange messages.
  d944aa4 Mention SSPI explicitly in the documentation.
  c32ce29 Copyright holders update after GSS kex.

Repository:     https://git.tartarus.org/simon/putty.git
On the web:     https://git.tartarus.org/?p=simon/putty.git
Branch updated: master
Committer:      Simon Tatham <anakin at pobox.com>
Date:           2018-04-26 07:24:40

commit a0b91e99b87de85e5560c6968a84c44101fa32c4
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=a0b91e99b87de85e5560c6968a84c44101fa32c4;hp=dbd88975f2d4c3d1573c45b785ab5669690027c6
Author: Simon Tatham <anakin at pobox.com>
Date:   Sat Apr 14 14:53:34 2018 +0100

    Fix a missing } in a GSSAPI-related comment.

 pgssapi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit d50150c40f6bd6313e214f9d1c3aff347cfbc7b0
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=d50150c40f6bd6313e214f9d1c3aff347cfbc7b0;hp=a0b91e99b87de85e5560c6968a84c44101fa32c4
Author: Simon Tatham <anakin at pobox.com>
Date:   Sat Apr 14 14:48:02 2018 +0100

    Factor out ssh2_timer_update.
    
    This is a preliminary refactoring for an upcoming change which will
    need to affect every use of schedule_timer to wait for the next rekey:
    those calls to schedule_timer are now centralised into a function that
    does an organised piece of thinking about when the next timer should
    be.
    
    A side effect of this change is that the translation from
    CONF_ssh_rekey_time to an actual tick count is now better proofed
    against integer overflow (just in case the user entered a completely
    silly value).

 putty.h |  7 +++++++
 ssh.c   | 67 ++++++++++++++++++++++++++++++++++++++++++++++-------------------
 2 files changed, 55 insertions(+), 19 deletions(-)

commit d515e4f1a34b4122195b113ba42ad1c4d2de9085
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=d515e4f1a34b4122195b113ba42ad1c4d2de9085;hp=d50150c40f6bd6313e214f9d1c3aff347cfbc7b0
Author: Simon Tatham <anakin at pobox.com>
Date:   Thu Apr 26 07:18:59 2018 +0100

    Support GSS key exchange, for Kerberos 5 only.
    
    This is a heavily edited (by me) version of a patch originally due to
    Nico Williams and Viktor Dukhovni. Their comments:
    
     * Don't delegate credentials when rekeying unless there's a new TGT
       or the old service ticket is nearly expired.
    
     * Check for the above conditions more frequently (every two minutes
       by default) and rekey when we would delegate credentials.
    
     * Do not rekey with very short service ticket lifetimes; some GSSAPI
       libraries may lose the race to use an almost expired ticket. Adjust
       the timing of rekey checks to try to avoid this possibility.
    
    My further comments:
    
    The most interesting thing about this patch to me is that the use of
    GSS key exchange causes a switch over to a completely different model
    of what host keys are for. This comes from RFC 4462 section 2.1: the
    basic idea is that when your session is mostly bidirectionally
    authenticated by the GSSAPI exchanges happening in initial kex and
    every rekey, host keys become more or less vestigial, and their
    remaining purpose is to allow a rekey to happen if the requirements of
    the SSH protocol demand it at an awkward moment when the GSS
    credentials are not currently available (e.g. timed out and haven't
    been renewed yet). As such, there's no need for host keys to be
    _permanent_ or to be a reliable identifier of a particular host, and
    RFC 4462 allows for the possibility that they might be purely
    transient and only for this kind of emergency fallback purpose.
    
    Therefore, once PuTTY has done a GSS key exchange, it disconnects
    itself completely from the permanent host key cache functions in
    storage.h, and instead switches to a _transient_ host key cache stored
    in memory with the lifetime of just that SSH session. That cache is
    populated with keys received from the server as a side effect of GSS
    kex (via the optional SSH2_MSG_KEXGSS_HOSTKEY message), and used if
    later in the session we have to fall back to a non-GSS key exchange.
    However, in practice servers we've tested against do not send a host
    key in that way, so we also have a fallback method of populating the
    transient cache by triggering an immediate non-GSS rekey straight
    after userauth (reusing the code path we also use to turn on OpenSSH
    delayed encryption without the race condition).

 config.c          |   11 +-
 doc/config.but    |   53 ++-
 pgssapi.h         |   37 ++
 putty.h           |    9 +
 settings.c        |   19 +-
 ssh.c             | 1195 ++++++++++++++++++++++++++++++++++++++++++++++-------
 ssh.h             |   10 +-
 sshdh.c           |   40 ++
 sshgss.h          |   21 +-
 sshgssc.c         |   89 +++-
 sshgssc.h         |    1 +
 unix/uxgss.c      |    6 +
 windows/wingss.c  |  119 +++++-
 windows/winhelp.h |    1 +
 14 files changed, 1444 insertions(+), 167 deletions(-)

commit 65acff1f7015ee63b2908df5f81d0d1043728a3f
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=65acff1f7015ee63b2908df5f81d0d1043728a3f;hp=d515e4f1a34b4122195b113ba42ad1c4d2de9085
Author: Simon Tatham <anakin at pobox.com>
Date:   Thu Apr 5 18:24:00 2018 +0100

    logparse.pl: support GSSAPI key exchange messages.

 contrib/logparse.pl | 83 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 83 insertions(+)

commit d944aa409618043eeae110a34326a9bb52b949d1
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=d944aa409618043eeae110a34326a9bb52b949d1;hp=65acff1f7015ee63b2908df5f81d0d1043728a3f
Author: Simon Tatham <anakin at pobox.com>
Date:   Wed Apr 25 21:31:56 2018 +0100

    Mention SSPI explicitly in the documentation.
    
    This was originally sent in as part of the GSSAPI patch, but I've
    extracted into a separate commit because that patch was more than
    complicated enough by itself.

 doc/config.but | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

commit c32ce29b6de84caf70bf7cb792122d130e971db9
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=c32ce29b6de84caf70bf7cb792122d130e971db9;hp=d944aa409618043eeae110a34326a9bb52b949d1
Author: Simon Tatham <anakin at pobox.com>
Date:   Thu Apr 26 07:19:53 2018 +0100

    Copyright holders update after GSS kex.

 LICENCE | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)



More information about the tartarus-commits mailing list